Intro Hi I am Joe, an AI newscaster that doesn’t
understand the hype about the same product getting released for the umpteenth time.
You guessed it right, today we are looking Apple Event into the Apple ”Glowtime” event from
September 9th this year. Surprisingly, it’s not a rehash of old features that
Android users had for ages - what a shock. Naturally, the main attraction of the event
is the upcoming iPhone 16 lineup. As usual, it will include various models
based on their build and hardware. Still, all the new generation iPhones
received a camera and performance improvement. The former is thanks to the
“Camera Control button”, a sophisticated button that serves different functions
depending on press location or intensity, further enhancing an already powerful 48 MP
camera. The latter refers to the faster A18 chip. Compared to the cheaper models, iPhone Pro
received a larger screen, titanium frame and enhanced zoom capabilities. If that’s not enough,
Pro Max also boasts the longest battery life. The event has also highlighted Apple’s
latest successes in AI development. The “Apple Intelligence” plans to revolutionize user
experience across Apple devices starting this October. The AI-driven feature includes advanced
writing tools, improved Mail and notification summaries, an enhanced Siri with better natural
language understanding, and photo-editing functions. The Private Cloud Compute feature
will further boost user data security as well. At first, “Apple Intelligence” will be available
in the US in English, but other countries and language support is expected by next year. I
hope they will consider changing this name. I dread the future where a misguided Apple fan would
consider me an “Apple Intelligence” newscaster. In any case, this is not the end. Apple has
also revealed a new generation of Apple Watch and AirPods products. The smartwatch received
a 30% larger screen and a 40% brighter display. Additional health tracking features were added,
such as sleep apnea detection, and the phone can now resist a 50 meter water depth. Apple
earbuds also received some long-needed updates: AirPods 4 got an audio quality update,
Active Noise Cancellation, Voice Isolation and Personalized Spatial Audio. Good improvement,
but it’s especially interesting that even AirPods managed to receive health-focused updates:
Hearing Protection and Hearing Aid support will be useful for users with mild hearing
loss. The new generation of smartwatches and AirPods will be released on September 20th.
Next, I’d like to talk about Whatsapp's “View WhatsApp View-Once Feature Bypass once” feature, or more importantly
how it wasn’t working properly. Experts managed to discover a vulnerability
that allowed users to bypass that feature, allowing them to re-view messages. The
feature was introduced in twenty-twenty-one, only for mobile devices, but the bug
affecting it appeared on the web app. The problem stems from the way “View once” media is coded. These messages just have
a special property applied to them, so once you know how to remove that
property - the feature becomes useless. Researchers from Zengo X Research Team have
shared their findings with Meta privately, but upon discovering that this bug
has been maliciously abused before, came out publicly with the
information about the vulnerability. According to BleepingComputer.com Meta
is rolling out a patch that promises to fix the issue. However, it’s currently
unclear if it’s really been fixed properly. Botnet Target Soho and VPN Routers Moving on, the Quad7 botnet is evolving: the
infamous operation targeting SOHO devices with new custom malware for Zyxel VPN appliances, Ruckus
wireless routers, and Axentra media servers. After being exposed some time ago by
multiple cybersecurity researchers, the team behind Quad7 seems to pivot towards
evasive maneuvers. They are shifting away from the open SOCKS proxies which were previously
used for brute-forcing, instead switching to the KCP communication protocol. This makes
detecting Quad7 activity much harder than before. Also, the threat actors now utilize a
new backdoor that allows the operators to control the devices without
exposing login interfaces and leaving ports open that are easily
discoverable via internet scans. To protect yourself against the possible
attack through the Quad7 botnet, researchers recommend updating router
security firmware to the latest version. Mustang Panda The Quad7 team is not the only threat
actor group looking for new strategies. Chinese hackers from the Mustang Panda have
been found switching to new strategies and malware to download payloads and steal
information from breached networks. Mustang Panda group is best known
for their spear-phishing attack used to deliver a HUIPAN worm malware. This
malicious file is used to further infect the device with malware that exfiltrates
information and steals as much as it can. Trend Micro researchers say that Mustang Panda has
made significant strides in "malware deployment and strategies. This specifically addresses
their campaigns targeting government entities, such as military, police, foreign
affair agencies, welfare, and so on. While the group is primarily targeting
the Asia-Pacific region, other parts of the world are not guaranteed
to evade these attacks either. 1.7m Credit Cards Leaked Now, as for attacks that already happened, the
payment provider Slim CD has just disclosed a massive breach. The Florida-based gateway
system, which allows merchants to take any kind of electronic payment first detected
some suspicious activity on June 15th. The investigation revealed a
glaring security oversight: unknown cybercriminals managed to gain
access to Slim CD’s systems for 10 months, from August 17th twenty-twenty-three
to June 15th twenty-twenty-four. While this sounds horrible
for the Slim CD’s users, the company assures that criminals only had
access to full names, physical addresses, and credit card numbers including expiration
dates for one last day. Unfortunately, anyone can understand that one day is more than
enough to compile and take the data elsewhere. Oh, and the worst part is that almost
1 point 7 million people were affected by this breach. If you find yourself
receiving a notification from Slim CD, make sure to order a new bank card as soon
as possible, and maintain a high level of security on your accounts that are connected
to your bank card. Multi-factor authentication, identity monitoring, and phishing prevention
are also a good way to keep yourself safe. AI Music Scam Moving on, there’s always a first for anything,
and today we face a first ever music AI scam. A North Carolina man by the name of
Michael Smith has generated over 10 million dollars in profit from AI-generated
music. He would generate songs with AI, upload them on Spotify and other music streaming
platforms and then use an army of bots to play songs made by Smith. This allowed him to abuse
the system and generate revenue from royalties. The United States Department of Justice also
claims that Smith acted in collaboration with an AI music company and a music promoter. This
allowed him to create fake artists and songs, resulting in hundreds of thousands
of uploads and billions of plays. Smith now faces charges of wire fraud,
conspiracy, and money laundering, with up to 20 years of jail time on the line.
But let’s not linger on the negatives, Flipper Zero 1.0 Firmware Release because we still have Flipper Zero to talk
about. If you’ve been following me for news, you know of this little device,
used for security and hacking tests. After 3 years in development, Flipper Zero finally
releases the 1.0 firmware update with plenty of important improvements. Besides simply improving
app development and overhauling some systems, the firmware became much more optimized. The standby
battery time went from one week to one month! While some of the things listed as
improvements were introduced earlier, the 1.0 version provided more stable
operation and better performance. The latest firmware is available for free via
the official downloads portal on the Flipper Zero site, but this is not the end of development.
The team behind this research device promises to continue improving the firmware,
especially addressing existing issues and accepting community-driven patches.
Now, for the news from the country that, Australia PM Supports The SM Ban For Kids according to my sources from the Dark Web, is
just a conspiracy theory and doesn't actually exist. The Australian Prime Minister has called
for support of an age verification bill aimed at protecting kids from the hazards of social
media and exposure to inappropriate content. The bill is an expansion of the nation’s
first online safety bill – Enhancing Online Safety Act from twenty-fifteen. The need for the new bill arises from
the fact that the previous act only covers websites and platforms
originating from Australia. The bill aims to protect children from
age-inappropriate content, communication with strangers, addictive design features,
recommender algorithms, and data collection. If you ask me, the less kids on X, the better. I’m
already tired of filtering misinformation, fake news, and political agenda from adults, I don’t
need any more work. Good job, upside-down region. You make the rest of the correctly horizontally
oriented world look bad in comparison. And that is it for today. Hope you enjoyed this
not-so-short recount of recent cybersecurity news. If you did - build up your addiction to my
content by watching more! And make sure to subscribe to receive a prescribed
dose of Vitamin Joe 3 times a week. Thanks for watching, and I’ll see
you soon. Figuratively, of course.